add paragraph: Security Considerations

SixLabors · Apr 10, 2024 · 6eb15bd · 6eb15bd
1 parent c84baa2
commit 6eb15bd
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/articles/imagesharp/security.md b/articles/imagesharp/security.md
@@ -0,0 +1,19 @@
+# Security Considerations
+
+Image processing is a memory-intensive application. Most image processing libraries (including ImageSharp and SkiaSharp) decode images into in-memory buffers. Any publicly facing service using such a library might be vulnerable to DoS attacks without implementing further measures.
+
+For solutions using ImageSharp such measures can be:
+- Authentication, for example by using HMAC. See [Securing Processing Commands in ImageSharp.Web](../imagesharp.web/processingcommands.md#securing-processing-commands).
+- Offloading to separate services/containers.
+- Placing the solution behind a reverse proxy.
+- Rate Limiting.
+- Imposing conservative allocation limits by configuring a custom `MemoryAllocator`:
+
+```csharp
+Configuration.Default.MemoryAllocator = MemoryAllocator.Create(new MemoryAllocatorOptions()
+{
+    // Note that this limits the maximum image size to 64 megapixels.
+    // Any attempt to create a larger image will throw.
+    AllocationLimitMegabytes = 256
+});
+```
diff --git a/articles/toc.md b/articles/toc.md
@@ -8,6 +8,7 @@
 ### [Working with Pixel Buffers](imagesharp/pixelbuffers.md)
 ### [Configuration](imagesharp/configuration.md)
 ### [Memory Management](imagesharp/memorymanagement.md)
+### [Security Considerations](imagesharp/security.md)
 
 # [ImageSharp.Drawing](imagesharp.drawing/index.md)
 ## [Getting Started](imagesharp.drawing/gettingstarted.md)